Re: chrooting a program not designed to be chrooted

On Thu, Jan 23, 2003 at 07:17:09PM -0000, Dom De Vitto wrote:
> Ted,
> If you go back to basics being root just to bind to <1024 is daft.
> Just bind to a non-priv port, as a non-priv user in a chroot jail,
> then NAT traffic to the priv port to the unpriv one & vice versa.

no, bind to the port before you chroot & drop privs.

Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)